Internet of Things Hacking: Ethical Hacking of a Smart Camera

Abstract

The Internet of Things (IoT) has introduced to the world the power of connectivity and automation. Through the use of a smart device, a task as simple as turning on a light bulb can take place directly from a person’s mobile phone. Other, more powerful, devices have the ability to record their surroundings, listen to commands, and even guard and protect a house! These are all commendable advancements, but what happens when one of these devices becomes compromised?

An attacker could gain access to an internet-enabled device and become aware of private and sensitive information - useful for taking over other devices on the network, as well as harvesting data for their own malicious purposes. Within this report, common weaknesses and mitigation paths of IoT devices will be discussed, as well as methods and tools that hackers use to attack.

Furthermore, an ethical hacking demonstration will be deployed against an internet-enabled security camera, Wyze Cam V2. Through the use of a firmware attack, root access was gained, allowing the view of confidential folders, containing video and audio files. Certain security methods demand improvement within this device in order to keep its users safe, which will be discussed further in this report.